CN112801453B - A risk assessment method, device, terminal and storage medium - Google Patents
- Publication number: CN112801453B
- Application number: CN202011618254.1A
- Authority: CN (China)
- Prior art keywords: resource, item, risk, information, items
- Legal status: Active (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
  - G06—COMPUTING OR CALCULATING; COUNTING
    - G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q10/00—Administration; Management
        - G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
          - G06Q10/063—Operations research, analysis or management
            - G06Q10/0635—Risk analysis of enterprise or organisation activities
      - G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
        - G06Q50/04—Manufacturing
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
  - Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    - Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
      - Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
        - Y02P90/30—Computing systems specially adapted for manufacturing
Description
Technical Field
The present application belongs to the field of computers, and in particular relates to a risk assessment method, device, terminal and storage medium.
Background Art
Industrial Control Systems (ICS), also called industrial control systems, are business-process management and control systems composed of various automation control components together with process control components that collect and monitor real-time data, ensuring the automated operation, process control and monitoring of industrial infrastructure.
The widespread use of general-purpose network technologies in industrial control systems has increased their openness and tied them ever more closely to the public Internet. However, general-purpose network technologies also introduce risk items, and these risk items can easily cause losses of resources within the industrial control system.
Therefore, a method is needed for assessing the risk to the resources of an industrial control system, so as to help enterprises issue early warnings for the risk items present in the system and reduce the resource losses that occur while the enterprise operates it.
Summary of the Invention
Embodiments of the present application provide a risk assessment method, device, terminal and storage medium that can assess the risk to the resources of an industrial control system and issue early warnings for the risk items present in it, helping enterprises avoid risk.
A first aspect of the embodiments of the present application provides a risk assessment method, comprising:
obtaining the risk items of each resource item of the industrial control system, the resource importance value of each resource item, and, for each risk item of each resource item, the loss degree value of the resource loss that the risk item causes to the resource item;
collecting resource information for each resource item, and determining from the resource information the occurrence frequency of each risk item in each resource item; and
determining the risk value of each risk item in each resource item according to the resource importance value of the resource item, the occurrence frequency of each of its risk items, and the loss degree value of the resource loss that each of its risk items causes to it.
A second aspect of the embodiments of the present application provides a testing device, comprising:
an acquisition unit, configured to obtain the risk items of each resource item of the industrial control system, the resource importance value of each resource item, and the loss degree value of the resource loss that each risk item of each resource item causes to the resource item;
a collection unit, configured to collect resource information for each resource item and to determine from the resource information the occurrence frequency of each risk item in each resource item; and
a determination unit, configured to determine the risk value of each risk item in each resource item according to the resource importance value of the resource item, the occurrence frequency of each of its risk items, and the loss degree value of the resource loss that each of its risk items causes to it.
A third aspect of the embodiments of the present application provides a terminal comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the above method when it executes the computer program.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method.
A fifth aspect of the embodiments of the present application provides a computer program product which, when run on a terminal, causes the terminal to implement the steps of the method.
It can be understood that the beneficial effects of the second to fifth aspects can be found in the description of the first aspect and are not repeated here.
In the embodiments of the present application, the risk items of each resource item of the industrial control system, the resource importance value of each resource item, and the loss degree value of the resource loss that each risk item of each resource item causes to the resource item are obtained. Then the resource information of each resource item is collected, and the occurrence frequency of each risk item in each resource item is determined from it. Next, the risk value of each resource item is determined from the resource importance value of the resource item, the occurrence frequency of each of its risk items, and the loss degree value of each of its risk items. The risk value of the industrial control system can thus be determined from the collected resource information, a risk assessment of the system is achieved, early warnings can be issued for the risk items present in it, and the enterprise is helped to avoid risk.
Brief Description of the Drawings
In order to explain the technical solutions in the embodiments of the present application more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flow diagram of a risk assessment method provided in an embodiment of the present application;
FIG. 2 is a schematic flow diagram of a specific implementation of determining the occurrence frequency of each risk item, provided in an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a risk assessment device provided in an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a terminal provided in an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solution and advantages of the present application clearer, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present application and are not intended to limit it. All other embodiments that a person skilled in the art obtains from the embodiments of the present application without creative effort fall within the scope of protection of the present application.
Industrial Control Systems (ICS), also called industrial control systems, are business-process management and control systems composed of various automation control components together with process control components that collect and monitor real-time data, ensuring the automated operation, process control and monitoring of industrial infrastructure.
At present, the overall scale of industrial control systems is steadily expanding, and information and network technologies are applied in ICS ever more frequently; for example, operating systems and the TCP/IP protocol suite are used to monitor and control the industrial control network from the control layer up to the management layer.
The widespread use of general-purpose network technologies in industrial control systems has increased their openness and tied them ever more closely to the public Internet. However, general-purpose network technologies also introduce risk items: they break the separation between the industrial control network and the Internet, expose the vulnerabilities of the industrial control system to the public network, and raise the probability that important resources are threatened. The combination of a resource's value with its vulnerability increases the resource losses that security incidents cause within the industrial control system.
Therefore, in view of the above problems, a method for assessing the risk of an industrial control system is needed that helps enterprises determine the value of their resources and judge the threats to, and vulnerabilities of, those resources, so that problems in the industrial control system can be found promptly, giving the enterprise a basis for taking security measures early and reducing the risk present in the system.
The technical solution of the present application is explained below by way of specific embodiments.
FIG. 1 shows a schematic flow of a risk assessment method provided in an embodiment of the present application. The method can be applied to a terminal and is suitable for situations in which the resources of an industrial control system need to be risk-assessed.
The terminal may be a management terminal in the industrial control system, such as a management server or a computer.
Specifically, the risk assessment method may include the following steps S101 to S103.
Step S101: obtain the risk items of each resource item of the industrial control system, the resource importance value of each resource item, and the loss degree value of the resource loss that each risk item of each resource item causes to the resource item.
The resource items may be assets or other types of resource items involved in the industrial control system.
In practice, different industrial control systems have different resource items depending on their actual situation, and the same resource item may have a different importance in different industrial control systems. Therefore, in some embodiments of the present application, the terminal needs to determine each resource item of the industrial control system and classify the resource items.
The classification scheme can be chosen by an experienced practitioner in the field according to the actual situation; for example, resource items can be classified according to the specific object and requirements of the assessment. Taking assets as the resource items by way of illustration, an asset is information or a resource that has value to the organisation and is the object protected by the security policy. The predefined categories may include software systems, network devices and security devices, and the assets within the software-system category may include operating systems and database management systems.
In general, each resource item has corresponding risk items; a risk item is a threat that affects the resource item and causes it to suffer resource loss. In some embodiments of the present application, the risk items of each resource item can be determined after each resource item of the industrial control system has been obtained.
In some embodiments of the present application, an experienced administrator can determine in advance the risk items that may arise for each resource item, based on past experience or on problems that have occurred during actual operation of the industrial control system.
Again taking assets as the resource items: if the asset is a software system, its risk items may be system software failure, malicious code or unauthorized operation; if the asset is a security device or a network device, its risk items may be hardware failure, network attack or physical attack.
When a risk item occurs in an industrial control system, that is, when the system is subjected to a threat, resource loss follows directly. However, different risk items cause different resource losses, and the same risk item causes different resource losses in different industrial control systems. Therefore, to accurately assess the risk that the risk items pose to the current industrial control system, the terminal also needs to obtain the resource importance value of each resource item and the proportion of resource loss that each risk item of each resource item causes to the resource item.
The resource importance value refers to the degree to which a resource item's security attributes are achieved, or the degree of impact when they are not achieved; different degrees of achievement of the security attributes give a resource item different values. In some embodiments of the present application, an experienced administrator evaluates each resource item according to its confidentiality, integrity and availability and assigns a value according to the result of the evaluation, giving the resource importance value.
Correspondingly, since the resource loss caused by each risk item of each resource item also differs, the loss degree value of the resource loss it causes must also be determined. The loss degree value is the vulnerability importance of the resource item: it expresses the proportion of the resource lost if the vulnerability of the resource item is exploited by the corresponding risk item.
In some embodiments of the present application, the loss degree value can be determined according to the following table.
It should be noted that if several vulnerabilities are associated with a risk item, the risk item may have several loss degree values, each corresponding to one vulnerability.
Step S102: collect the resource information of each resource item, and determine from the resource information the occurrence frequency of each risk item in each resource item.
The resource information refers to information related to the resource items of the industrial control system.
In embodiments of the present application, different collection methods may be used for different resource items, and the resource information obtained by different collection methods may take different forms. For example, the resource information may be the working logs of devices in the industrial control system, the working protocols of the system, or files.
In some embodiments of the present application, the resource items include operator stations; in this case, collecting the resource information of each resource item may include obtaining the log information of the operator station and using the log information as the resource information.
Specifically, for operator-station devices running operating systems commonly found in industrial control systems, such as Windows XP, Windows 7 and Windows Server 2000, log information can be collected by installing a collector. The log information may include the production and running state of the host operating system, fault information, user operation behaviour, system configuration, operating system vulnerabilities and patches, network connections, network services, network communications, security protection state and other related information.
In other embodiments of the present application, the resource items may include network devices and security devices; in this case, collecting the resource information of each resource item may include receiving, over the Simple Network Management Protocol (SNMP), notification messages sent by a first network node associated with the network device and by a second network node associated with the security device, and using the notification information as the resource information.
Specifically, for the large number of network devices such as switches and routers, or security devices such as firewalls, present in an industrial control network, the terminal can send a request over SNMP to the first network node and the second network node asking for the parameter values of predefined related information. On receiving the request, the first and second network nodes return a notification message to the terminal carrying those parameter values. According to the predefined definition of each parameter value, the terminal can detect whether the related information constitutes a risk item.
In other embodiments of the present application, the terminal can obtain imported resource information: for other types of data, such as proprietary industrial control protocols, files, Nginx logs and MySQL logs, the data can be collected by importing logs.
It should be noted that in some embodiments of the present application the terminal may set up a management database and store the collected resource information in it. The management database may also hold raw alarm information, processed alarm information, alarm correlation rules, risk assessment results and other information. Performing the risk assessment on the basis of the management database improves its efficiency and makes it convenient for users to query and manage the data.
In embodiments of the present application, after the resource information of each resource item has been collected, the terminal can determine from it the occurrence frequency of each risk item in each resource item.
Specifically, after collecting the resource information of each resource item, the terminal can compare the resource information against the resource template information of the preset risk items, identify each risk item present, and count the occurrence frequency of each.
Taking a working log as the resource information, each record in the log can be compared with the corresponding template in the resource template information; if a record differs from the template, that record corresponds to a risk item. After all risk items have been identified from the whole log, the occurrence frequency of each risk item can be counted.
It should be noted that in some embodiments of the present application the terminal can assign a value to the occurrence frequency according to the following table and use the resulting occurrence frequency value in the subsequent risk value calculation.
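As an added example (not code from the patent), the following Python implements the template comparison and frequency counting of step S102 for operator-station log records. The sample log lines, the line format, the resource template and the mapping from a monitored field to the risk item it belongs to are all constructed for this example; every record whose value deviates from the template is counted as one occurrence of that field's risk item. The banding of raw counts into an occurrence-frequency value is also an assumption, since the patent's own frequency table is not reproduced on the page.

```python
from collections import Counter
from dataclasses import dataclass
import re

# Constructed sample of collector output from operator stations (not from the patent).
# Assumed line format: <timestamp> <host> <field>=<value>
SAMPLE_LOG = """\
2021-03-01T08:00:00 OPS-01 av_status=running
2021-03-01T08:05:00 OPS-01 av_status=stopped
2021-03-01T09:00:00 OPS-01 login_user=operator
2021-03-01T09:30:00 OPS-01 login_user=administrator
2021-03-01T10:00:00 OPS-01 patch_state=current
2021-03-02T08:00:00 OPS-01 av_status=stopped
2021-03-02T11:00:00 OPS-01 login_user=administrator
2021-03-02T12:00:00 OPS-02 patch_state=missing
2021-03-02T12:10:00 OPS-02 av_status=running
"""

# Assumed resource template: for each monitored field, the expected value and the
# risk item under which a deviation from it is counted.
TEMPLATE = {
    "av_status": ("running", "security protection disabled"),
    "login_user": ("operator", "unauthorized operation"),
    "patch_state": ("current", "unpatched vulnerability"),
}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\w+)=(\S+)$")


@dataclass(frozen=True)
class Record:
    ts: str
    host: str
    field: str
    value: str


def parse_log(text):
    """Parse collector output into records, skipping malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(Record(*m.groups()))
    return records


def count_risk_items(records, template):
    """Compare each record with its template. A mismatch is one occurrence of the
    risk item attached to that field. Returns Counter{(host, risk_item): count}."""
    counts = Counter()
    for r in records:
        if r.field not in template:
            continue  # field not covered by the template: nothing to compare against
        expected, risk_item = template[r.field]
        if r.value != expected:
            counts[(r.host, risk_item)] += 1
    return counts


# Assumed banding of raw counts into the occurrence-frequency value (1..5) used in
# step S103; the patent's own table is not on the page. (lower bound, value)
FREQUENCY_BANDS = [(0, 1), (1, 2), (3, 3), (6, 4), (10, 5)]


def frequency_value(count):
    value = FREQUENCY_BANDS[0][1]
    for lower_bound, v in FREQUENCY_BANDS:
        if count >= lower_bound:
            value = v
    return value


def frequency_table(records, template):
    """{(host, risk_item): occurrence-frequency value} ready for the risk calculation."""
    return {key: frequency_value(n) for key, n in count_risk_items(records, template).items()}


if __name__ == "__main__":
    for (host, risk), value in sorted(frequency_table(parse_log(SAMPLE_LOG), TEMPLATE).items()):
        print(f"{host} {risk}: frequency value {value}")
```

In a real deployment the template would be per host type rather than global, and records with fields the template does not cover should be reviewed rather than silently ignored; the example keeps the comparison rule exactly as the description states it, one deviation equals one occurrence.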
Step S103: determine the risk value of each risk item in each resource item according to the resource importance value of each resource item, the occurrence frequency of each risk item of each resource item, and the loss degree value of the resource loss that each risk item of each resource item causes to the resource item.
The risk value refers to the severity of the resource loss caused by a risk item.
In embodiments of the present application, the risk value is related to the likelihood that a security incident occurs and to the resource loss the incident causes: the higher the likelihood of a security incident, the higher the risk value, and the greater the resource loss it causes, the higher the risk value. The likelihood of a security incident is related to the occurrence frequency of each risk item of each resource item and to the loss degree value of each risk item; the resource loss caused by a security incident is related to the resource importance value of each resource item and to the loss degree value of each risk item.
Therefore, the terminal can determine the risk value of each risk item in each resource item from the resource importance value of the resource item, the occurrence frequency of each of its risk items, and the loss degree value of each of its risk items.
It should be noted that an experienced practitioner can divide the range of risk values into several intervals in advance, with each interval corresponding to a risk value level and each level to a different risk severity. Based on the interval in which a risk value falls, the terminal can then determine the risk value level of the risk item, so that the user can read the current risk severity from the level.
For example, the following table shows one correspondence between risk value levels and risk severity.
In the embodiments of the present application, the risk items of each resource item of the industrial control system, the resource importance value of each resource item, and the loss degree value of the resource loss that each risk item of each resource item causes to the resource item are obtained. Then the resource information of each resource item is collected, and the occurrence frequency of each risk item in each resource item is determined from it. Next, the risk value of each resource item is determined from the resource importance value of the resource item, the occurrence frequency of each of its risk items, and the loss degree value of each of its risk items. The risk value of the industrial control system can thus be determined from the collected resource information, a risk assessment of the system is achieved, early warnings can be issued for the risk items present in it, and the enterprise is helped to avoid risk.
Specifically, the way the risk value is calculated can be chosen according to the actual situation.
In some embodiments of the present application, in the above step of determining the risk value of each risk item in each resource item from the resource importance value of each resource item, the occurrence frequency of each risk item of each resource item and the loss degree value of each risk item of each resource item, the risk value of a single risk item is determined as follows: the risk value of the risk item is determined according to a risk estimation formula.
Here la is the resource importance value of the resource item associated with the risk item, T is the occurrence frequency of the risk item, and V is the loss degree value of the resource loss that the risk item causes to its associated resource item.
Specifically, in the risk estimation formula, T×V can represent the likelihood that a security incident occurs, and la×V can represent the resource loss the security incident causes. Because the likelihood of a security incident and the resource loss it causes are multiplied together, the risk value of the risk item is high whenever either the likelihood of a security incident or the resource loss it causes is high.
In embodiments of the present application, determining the risk value of the resource item according to the risk estimation formula lets the risk value be calculated with both factors, the likelihood of a security incident and the resource loss it causes, taken into account, so that the calculated risk value is more accurate, that is, closer to the actual severity of the resource loss when the risk materialises.
In practical applications, the resource information of each resource item collected by the above terminal may miss some problems encountered in the actual operation of the industrial control system. Therefore, to make the risk value assessment more accurate, in other embodiments of the present application the above risk assessment method may further include: obtaining user survey results for the industrial control system.
Here, the user survey results are the results determined by compiling statistics on the information that users fill in on a questionnaire.
Specifically, the questionnaire may cover the threats the assets face, including software and hardware failures, physical environment effects, inaction or operational error, inadequate management, malicious code, unauthorized access or abuse, network attacks, physical attacks, information leakage, tampering, repudiation and so on. In addition, the questionnaire may include a vulnerability identification table covering the physical environment, network structure, system software, application middleware, application systems, technical management and organizational management. Users fill in the questionnaire, and statistics are compiled on the information they provide to obtain the user survey results.
In this case, as shown in Figure 2, in some embodiments of the present application, determining the occurrence frequency of each risk item in each resource item from the resource information may include the following steps S201 to S202.
Step S201: obtain a preset risk item template.
Here, the risk item template records resource template information and survey result template information. The resource template information is the standard result corresponding to each item of resource information, and the survey result template information is the standard result corresponding to each survey result.
Step S202: compare the resource information and the user survey results with the corresponding resource template information and survey result template information in the preset risk item template, determine the risk items present in the user survey results and the resource information, and count the occurrence frequency of the risk items.
Specifically, each item of resource information may be compared with its corresponding resource template information. If the two differ, that is, the actually collected information does not match the standard result, a risk item is present in the resource information, and that item of resource information corresponds to one risk item. Likewise, each survey result in the user survey results may be compared with its corresponding survey result template information. If the two differ, that is, the actually obtained survey result does not match the standard result, a risk item is present in the survey results, and that survey result corresponds to one risk item.
For example, if a question on the questionnaire is "Is port 445 enabled?", the user's answer in the survey results is "Yes", and the corresponding result in the survey result template information is "No", then a risk item is present, namely that port 445 has been incorrectly enabled.
In the embodiments of the present application, the risk items present in the user survey results and the resource information can be determined in the manner described above, after which the occurrence frequency of each risk item can be counted from the risk items found.
In the embodiments of the present application, by obtaining a preset risk item template, comparing the resource information and the user survey results with the corresponding resource template information and survey result template information in the template, determining the risk items present in the user survey results and the resource information, and counting their occurrence frequency, risk can be assessed on the basis of both the resource information collected by the industrial control system itself and the survey results from its users. The assessment can therefore take into account problems encountered in the actual operation of the industrial control system, and a more accurate risk value is obtained.
It should be noted that after the risk items in the survey results and the resource information have been determined, the method further includes: aggregating the risk items present in the survey results and the resource information, and outputting risk warning information based on the aggregated risk items.
In the embodiments of the present application, the same risk item may appear multiple times. Aggregating the risk items avoids the accumulation of duplicate reported alarms, which would otherwise leave too many alarms awaiting handling.
The risk warning information may include the alarming resource item, the risk item, the time and similar information, together with the log details associated with the risk item, including changes in the number of target objects, whether a target object event occurred, whether a target object indicator is on a predetermined list, and whether a target object indicator exceeds a specified threshold. The terminal may also export the risk warning information in CSV format.
Furthermore, the risk warning information may be sorted by time of occurrence, with earlier entries ranked first.
The embodiments of the present application take the time factor into account while aggregating, which avoids excessive redundant information in the output risk warning information and makes it easier for users to view and manage risk items.
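The template comparison of steps S201 to S202, the per-item occurrence count that feeds T, and the aggregation of repeated hits into time-sorted warnings exported as CSV, as an added Python example that is not code from the patent. The template keys, risk item names and observations are constructed for the example (only the port 445 question comes from the text above), and the risk estimation formula itself is not evaluated here.

```python
"""Risk-item template comparison, frequency counting and warning aggregation.
Added illustration of the procedure described above; all names and sample
data are constructed for this example and are not from the patent."""
import csv
import io
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed risk item template: key -> (standard result, risk item name).
# Resource template information (collected from the system itself) and
# survey result template information (from the questionnaire) are kept apart
# because step S202 compares each against its own counterpart.
RESOURCE_TEMPLATE = {
    "antivirus_installed": ("yes", "protection software missing"),
    "config_changed": ("no", "unauthorised configuration change"),
}
SURVEY_TEMPLATE = {
    "port_445_enabled": ("no", "port 445 incorrectly enabled"),
    "default_password": ("no", "default password in use"),
}


@dataclass(frozen=True)
class Observation:
    resource: str      # resource item, e.g. an operator station
    key: str           # which item of resource information / survey question
    value: str         # actually collected or answered value
    time: datetime     # when it was observed


@dataclass(frozen=True)
class RiskHit:
    resource: str
    risk_item: str
    time: datetime
    detail: str        # log detail to carry into the warning


def compare(observations, template):
    """Step S202: an observation whose value differs from the template's
    standard result is a risk item; keys absent from the template are skipped."""
    hits = []
    for obs in observations:
        entry = template.get(obs.key)
        if entry is None:
            continue
        standard, risk_name = entry
        if obs.value.strip().lower() != standard:
            hits.append(RiskHit(obs.resource, risk_name, obs.time,
                                f"{obs.key}={obs.value!r}, expected {standard!r}"))
    return hits


def frequency(hits):
    """Occurrence frequency of each risk item per resource item (the T input)."""
    return Counter((h.resource, h.risk_item) for h in hits)


def aggregate(hits):
    """Merge repeated (resource, risk item) hits into one warning that keeps
    the count and the earliest time, then sort earliest first."""
    merged = {}
    for h in hits:
        k = (h.resource, h.risk_item)
        if k not in merged:
            merged[k] = {"resource": h.resource, "risk_item": h.risk_item,
                         "first_seen": h.time, "count": 0, "detail": h.detail}
        merged[k]["count"] += 1
        merged[k]["first_seen"] = min(merged[k]["first_seen"], h.time)
    return sorted(merged.values(), key=lambda a: a["first_seen"])


def export_csv(alerts):
    """Render the aggregated warnings as CSV text."""
    out = io.StringIO()
    fields = ["resource", "risk_item", "first_seen", "count", "detail"]
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    for a in alerts:
        row = dict(a)
        row["first_seen"] = a["first_seen"].isoformat()
        writer.writerow(row)
    return out.getvalue()


def run_demo():
    """Constructed observations: three log-derived values and two survey answers."""
    t = datetime.fromisoformat
    resource_info = [
        Observation("operator-station-1", "antivirus_installed", "no", t("2020-12-30T08:00:00")),
        Observation("operator-station-1", "config_changed", "yes", t("2020-12-30T08:05:00")),
        Observation("operator-station-1", "config_changed", "yes", t("2020-12-30T09:10:00")),
    ]
    survey = [
        Observation("operator-station-1", "port_445_enabled", "Yes", t("2020-12-29T17:00:00")),
        Observation("operator-station-1", "default_password", "no", t("2020-12-29T17:00:00")),
    ]
    hits = compare(resource_info, RESOURCE_TEMPLATE) + compare(survey, SURVEY_TEMPLATE)
    return hits, frequency(hits), aggregate(hits)


if __name__ == "__main__":
    _, _, alerts = run_demo()
    print(export_csv(alerts))
```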
In some embodiments of the present application, after the risk value of each risk item in each resource item has been determined, the method further includes: displaying each resource item of the industrial control system, the resource information of each resource item, each risk item of each resource item, and the risk value of each risk item.
That is, in some embodiments of the present application, the terminal can build a resource profile of the industrial control system, visualizing the resources so that users can view them conveniently.
Specifically, a comprehensive knowledge base can be built from the basic attributes, operating information, log information and anomaly information of the resources, and the information can be presented on a page so that users can intuitively understand the historical or current state of the assets. The page can display each resource item of the industrial control system, the resource information of each resource item, each risk item of each resource item and the risk value of each risk item. For a Windows host, for example, the points of interest are whether the system is online, its health, whether its load is reasonable, whether the enabled network services are compliant and normal, whether there are inter-asset connections permitted by the rules, whether illegitimate users have logged in, whether the system configuration has been changed, whether important application software has failed, whether there are system vulnerabilities, whether the host has been attacked, whether a Trojan has been implanted, whether non-compliant peripherals have been connected without being blocked, whether installed protection software is helping to block the effects of malware, and whether devices and application software have lost their network connection.
Furthermore, the terminal can generate PDF statistical reports and PDF analysis reports based on the various dimensions of resource information, namely each resource item of the industrial control system, the resource information of each resource item, each risk item of each resource item and the risk value of each risk item.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of combined actions, but those skilled in the art should be aware that the present application is not limited to the described order of actions, since according to the present application some steps may be performed in other orders.
FIG. 3 is a schematic structural diagram of a risk assessment device 300 provided in an embodiment of the present application, the risk assessment device 300 being configured on a terminal. The risk assessment device 300 may include:
an acquisition unit 301, configured to acquire the risk items of each resource item of the industrial control system, the resource importance value of each resource item, and the loss degree value of the resource loss caused to each resource item by each of its risk items;
a collection unit 302, configured to collect the resource information of each resource item and to determine, from the resource information, the occurrence frequency of each risk item in each resource item;
a determination unit 303, configured to determine the risk value of each risk item in each resource item from the resource importance value of each resource item, the occurrence frequency of each of its risk items, and the loss degree value of the resource loss caused to the resource item by each of its risk items.
In some embodiments of the present application, the determination unit 303 may further be configured to determine, for a single risk item, the risk value of that risk item according to the risk estimation formula, where la is the resource importance value of the resource item associated with the risk item, T is the occurrence frequency of the risk item, and V is the loss degree value of the resource loss caused by the risk item to its associated resource item.
In some embodiments of the present application, the acquisition unit 301 may further be configured to obtain user survey results for the industrial control system, and the collection unit 302 may further be configured to: obtain a preset risk item template; compare the resource information and the user survey results with the corresponding resource template information and survey result template information in the preset risk item template; determine the risk items present in the user survey results and the resource information; and count the occurrence frequency of the risk items.
In some embodiments of the present application, the risk assessment device 300 further includes a warning unit, which may be configured to aggregate the risk items present in the user survey results and the resource information and to output risk warning information based on the aggregated risk items.
In some embodiments of the present application, the risk assessment device 300 further includes a display unit, which may be configured to display each resource item of the industrial control system, the resource information of each resource item, each risk item of each resource item, and the risk value of each risk item.
In some embodiments of the present application, the resource items include an operator station, and the collection unit 302 may further be configured to obtain the log information of the operator station and to use that log information as the resource information.
In some embodiments of the present application, the resource items include network devices and security devices, and the collection unit 302 may further be configured to receive, via the Simple Network Management Protocol, notification messages sent by a first network node associated with the network device and a second network node associated with the security device, and to use those notification messages as the resource information.
It should be noted that, for convenience and brevity of description, the specific working process of the risk assessment device 300 may refer to the corresponding process of the method described with reference to Figures 1 and 2 and is not repeated here.
FIG. 4 is a schematic diagram of a terminal provided in an embodiment of the present application. The terminal 4 may include a processor 40, a memory 41, and a computer program 42, such as a test program, stored in the memory 41 and executable on the processor 40. When the processor 40 executes the computer program 42, it implements the steps of the various risk assessment method embodiments described above, such as steps S101 to S103 shown in FIG. 1. Alternatively, when the processor 40 executes the computer program 42, it implements the functions of the modules/units in the device embodiments described above, such as the functions of the acquisition unit, the collection unit and the determination unit shown in FIG. 3.
The computer program may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments describing the execution of the computer program in the terminal.
For example, the computer program may be divided into an acquisition unit, a collection unit and a determination unit, whose specific functions are as follows:
an acquisition unit, configured to acquire the risk items of each resource item of the industrial control system, the resource importance value of each resource item, and the loss degree value of the resource loss caused to each resource item by each of its risk items;
a collection unit, configured to collect the resource information of each resource item and to determine, from the resource information, the occurrence frequency of each risk item in each resource item;
a determination unit, configured to determine the risk value of each risk item in each resource item from the resource importance value of each resource item, the occurrence frequency of each of its risk items, and the loss degree value of the resource loss caused to the resource item by each of its risk items.
The terminal may include, but is not limited to, the processor 40 and the memory 41. Those skilled in the art will understand that FIG. 4 is merely an example of a terminal and does not limit it; the terminal may include more or fewer components than shown, may combine certain components, or may have different components. For example, the terminal may also include input/output devices, network access devices, buses and so on.
The processor 40 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 41 may be an internal storage unit of the terminal, such as the terminal's hard disk or main memory. The memory 41 may also be an external storage device of the terminal, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the terminal. Further, the memory 41 may include both an internal storage unit of the terminal and an external storage device. The memory 41 is used to store the computer program and the other programs and data required by the terminal. The memory 41 may also be used to temporarily store data that has been or is to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules described above is given only as an example. In practical applications the above functions may be assigned to different functional units and modules as required, that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit; the integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of the present application. For the specific working process of the units and modules in the above system, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described or recorded in detail in one embodiment, reference may be made to the relevant descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the particular application and design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each particular application, and such implementations should not be regarded as going beyond the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed device/terminal and method may be implemented in other ways. For example, the device/terminal embodiments described above are merely illustrative; the division of the modules or units is only one logical functional division, and other divisions are possible in practice. For example, several units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected as actually needed to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated module/unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the present application may implement all or part of the flow of the above method embodiments by means of a computer program that instructs the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of the various method embodiments described above. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium and so on. It should be noted that the content a computer-readable medium may contain can be increased or reduced as appropriate in accordance with the requirements of legislation and patent practice in the jurisdiction; for example, in some jurisdictions computer-readable media do not include electrical carrier signals and telecommunication signals.
The above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not remove the essence of the corresponding technical solutions from the spirit and scope of the technical solutions of the embodiments of the present application; all of them fall within the scope of protection of the present application.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011618254.1A CN112801453B (en) | 2020-12-30 | 2020-12-30 | A risk assessment method, device, terminal and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112801453A CN112801453A (en) | 2021-05-14 |
| CN112801453B true CN112801453B (en) | 2024-11-05 |
Family
ID=75806026
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011618254.1A Active CN112801453B (en) | 2020-12-30 | 2020-12-30 | A risk assessment method, device, terminal and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112801453B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114386824B (en) * | 2022-01-05 | 2026-01-09 | 广东电网有限责任公司 | Risk control methods, devices, equipment and storage media for power business platforms |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101374051A (en) * | 2008-08-22 | 2009-02-25 | 中国航天科工集团第二研究院七○六所 | Method for evaluating information system risk base on multi-element fusion |
| CN111859393A (en) * | 2020-07-20 | 2020-10-30 | 交通运输信息安全中心有限公司 | Risk assessment system and method based on situation awareness alarm |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002079907A2 (en) * | 2001-03-29 | 2002-10-10 | Accenture Llp | Overall risk in a system |
| JP4369724B2 (en) * | 2003-10-31 | 2009-11-25 | 株式会社富士通ソーシアルサイエンスラボラトリ | Information security management program, information security management apparatus and management method |
| JP2005234840A (en) * | 2004-02-19 | 2005-09-02 | Nec Micro Systems Ltd | Method for evaluating risk and method for support selection of security management measures and program |
| US8621637B2 (en) * | 2011-01-10 | 2013-12-31 | Saudi Arabian Oil Company | Systems, program product and methods for performing a risk assessment workflow process for plant networks and systems |
| CN103366244A (en) * | 2013-06-19 | 2013-10-23 | 深圳市易聆科信息技术有限公司 | Method and system for acquiring network risk value in real time |
| CN103400027A (en) * | 2013-07-09 | 2013-11-20 | 贵州大学 | Risk assessment algorithm for information system |
| CN106709613B (en) * | 2015-07-16 | 2020-11-27 | 中国科学院信息工程研究所 | A Risk Assessment Method for Industrial Control Systems |
| CN106790198A (en) * | 2016-12-30 | 2017-05-31 | 北京神州绿盟信息安全科技股份有限公司 | Information system risk assessment method and system |
| CN109146240A (en) * | 2018-07-03 | 2019-01-04 | 北京航空航天大学 | Information security risk assessment method and system for intelligent connected vehicles |
| JP2019125336A (en) * | 2018-08-07 | 2019-07-25 | 株式会社日本アルマック | Risk evaluation analysis method using risk evaluation analysis system |
| CN111523755A (en) * | 2020-03-14 | 2020-08-11 | 广州融信管理咨询有限公司 | Potential safety hazard risk quantitative evaluation system for production enterprises |
| CN111444514B (en) * | 2020-03-19 | 2023-04-07 | 腾讯科技(深圳)有限公司 | Information security risk assessment method and device, equipment and storage medium |
| CN111507597A (en) * | 2020-04-10 | 2020-08-07 | 南京源堡科技研究院有限公司 | Network information security risk assessment model and method |
2020
- 2020-12-30 CN CN202011618254.1A patent/CN112801453B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112801453A (en) | 2021-05-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12301627B2 (en) | | Correlating network event anomalies using active and passive external reconnaissance to identify attack information |
| US11750659B2 (en) | | Cybersecurity profiling and rating using active and passive external reconnaissance |
| US12058177B2 (en) | | Cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance |
| US20250175503A1 (en) | | Rating organization cybersecurity using probe-based network reconnaissance techniques |
| US20210297432A1 (en) | | Generation of an anomalies and event awareness evaluation regarding a system aspect of a system |
| US11526422B2 (en) | | System and method for troubleshooting abnormal behavior of an application |
| CN109600441B (en) | | Alliance chain information publishing control method and terminal equipment |
| US20240036963A1 (en) | | Multi-contextual anomaly detection |
| CN110618911B (en) | | Data monitoring method and device, storage medium and server |
| US20160042388A1 (en) | | Tracking and analyzing mobile device activity related to mobile display campaigns |
| CN113157659A (en) | | A log processing method and device |
| CN112395156A (en) | | Fault warning method and device, storage medium and electronic equipment |
| US20240195841A1 (en) | | System and method for manipulation of secure data |
| CN116909838A (en) | | An abnormal log reporting method, system, terminal device and storage medium |
| CN113783828A (en) | | Business system monitoring method and device |
| CN111756745A (en) | | Alarm method, alarm device and terminal equipment |
| CN112801453B (en) | | A risk assessment method, device, terminal and storage medium |
| CN115499202A (en) | | Network data processing method, device, system, processing equipment and storage medium |
| CN116415299A (en) | | Database auditing method and device, electronic equipment and storage medium |
| CN116346433A (en) | | Power system network security situation detection method and system |
| CN118897784B (en) | | Interface call log analysis method, device, equipment, medium and product |
| CN120631956A (en) | | Data stream display method, device, non-volatile storage medium and electronic device |
| CN118410005A (en) | | A log audit method, device, medium and product |
| CN117439873A (en) | | Unified alarm method, system, equipment and medium under multi-cloud service |
| CN113259299A (en) | | Label management method, reporting method, data analysis method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |